CVE-2017-16923

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda Ac9 US AC9V1.0BR V15.03.05.14 multi TD01 Shenzhen Tenda Ac9 ac9 kf V15.03.05.19(6318 ) cn Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.18 multi TD01 Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.19 multi TD01 Shenzhen Tenda Ac18 US AC18V1.0BR V15.03.05.05 multi TD01 Shenzhen Tenda Ac18 ac18 kf V15.03.05.19(6318 ) cn

Description A Command Injection issue in the app data center of the affected devices allows remote unauthenticated attackers to execute arbitrary OS commands. This is achieved via a crafted "cgi-bin/luci/usbeject?dev name=" GET request from the LAN, exploiting the fact that the sub A6E8 usbeject process entry function executes a system function with untrusted input.

Recommendations For Shenzhen Tenda Ac9 US AC9V1.0BR V15.03.05.14 multi TD01, consider disabling the sub A6E8 usbeject process entry function until a patch is available. For Shenzhen Tenda Ac9 ac9 kf V15.03.05.19(6318 ) cn, restrict access to the "cgi-bin/luci/usbeject" endpoint to minimize the risk of exploitation. For Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.18 multi TD01, avoid using the dev name parameter in the affected API endpoint until the issue is resolved. For Shenzhen Tenda Ac15 US AC15V1.0BR V15.03.05.19 multi TD01, apply configuration changes to limit the execution of system functions with untrusted input. For Shenzhen Tenda Ac18 US AC18V1.0BR V15.03.05.05 multi TD01, temporarily disable the usbeject functionality to prevent command injection attacks. For Shenzhen Tenda Ac18 ac18 kf V15.03.05.19(6318 ) cn, implement additional security measures to validate user input before executing system functions.